bird: add learn + explicit static blackhole protocols
Build flock Image / build (push) Has been cancelled
Build flock Image / build (push) Has been cancelled
BIRD2's protocol kernel does not import kernel routes by default; the import filter on the channel is just for what BIRD has already learned. Added `learn;` so the kernel-installed blackholes (from the agent's SummaryRoutes) are picked up. Also added explicit `protocol static static6/static4` with one `route <cidr> blackhole;` per NodeConfig CIDR. This is belt-and- suspenders: even if `learn` doesn't capture the kernel blackhole, BIRD has the route directly and exports it via the BGP filter. Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Donavan Fritz
@@ -43,17 +43,30 @@ protocol device { scan time 10; }
|
||||
protocol direct { interface "lo"; }
|
||||
|
||||
protocol kernel kernel6 {
|
||||
learn;
|
||||
ipv6 {
|
||||
import all;
|
||||
export all;
|
||||
};
|
||||
}
|
||||
protocol kernel kernel4 {
|
||||
learn;
|
||||
ipv4 {
|
||||
import all;
|
||||
export all;
|
||||
};
|
||||
}
|
||||
|
||||
protocol static static6 {
|
||||
ipv6;
|
||||
{{range $cidr := .CIDR6}}route {{$cidr}} blackhole;
|
||||
{{end}}
|
||||
}
|
||||
protocol static static4 {
|
||||
ipv4;
|
||||
{{range $cidr := .CIDR4}}route {{$cidr}} blackhole;
|
||||
{{end}}
|
||||
}
|
||||
{{range $i, $p := .Peers}}{{if eq $p.Family "v6"}}
|
||||
protocol bgp upstream6_{{$i}} {
|
||||
local as {{$.LocalASN}};
|
||||
|
||||
Reference in New Issue
Block a user